Can I prepare a MySQL statement on both sides of an equality?

Discussion in 'XenForo Development Discussions' started by Jaxel, Feb 18, 2014.

  1. Jaxel

    Jaxel Well-Known Member

    if (!$channel = $this->_getDb()->fetchRow("
        SELECT *
        FROM EWRcanal_channels
        WHERE ? = ?
    ", array($type, $data)))
        return false;
    Is this code semantically possible?
  2. digitalpoint

    digitalpoint Well-Known Member

    Technically you should be able to... but not sure you could call out a column name (if that's what you are trying to do) with the first part since it's going to wrap it in quotes within the query.

    It would end up being a query like:
    SELECT *
    FROM EWRcanal_channels
    WHERE 'type' = 'someValue'
    Maybe I'm not thinking of something, but pretty sure the query will always return no records if $type and $data are different, and will return all records if they are the same.
  3. Luke F

    Luke F Well-Known Member

    Check if $type is within an array of predetermined values for sanity and vs injection and then just stick it directly in the query string

    I'm assuming you want to treat $type as a column name and not a string; otherwise there'd be no purpose in doing the comparison in SQL.
  4. Jaxel

    Jaxel Well-Known Member

    Yeah... you're right... I should just check it in a switch-case.
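    The pattern digitalpoint and Luke F describe, as an added example that is not Jaxel's or XenForo's code: the bound-on-both-sides query turns the column name into a string literal, while an allow-list of column names lets the identifier be interpolated safely with the value still bound. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite table with constructed sample rows in place of the real EWRcanal_channels data.

```php
<?php
// Added example, not code from the thread or from XenForo. Assumes the
// pdo_sqlite extension; the table and rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE EWRcanal_channels (channel_id INTEGER, channel_name TEXT, channel_key TEXT)");
$db->exec("INSERT INTO EWRcanal_channels VALUES (1, 'news', 'abc'), (2, 'events', 'def')");

/**
 * Look up a channel by one of a fixed set of columns.
 * Only $data is a bound parameter. The column name is taken from a fixed
 * allow-list keyed by $type, so caller input never reaches the identifier
 * position of the SQL text.
 */
function getChannelBy(PDO $db, $type, $data)
{
    // Allow-list: key is the selector the caller passes, value is the
    // identifier that is actually written into the query.
    $columns = array(
        'id'   => 'channel_id',
        'name' => 'channel_name',
        'key'  => 'channel_key',
    );
    if (!isset($columns[$type])) {
        return false;  // unknown selector: refuse rather than interpolate it
    }
    $stmt = $db->prepare("SELECT * FROM EWRcanal_channels WHERE " . $columns[$type] . " = ?");
    $stmt->execute(array($data));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row : false;
}

// The original snippet's shape: both sides bound. The first placeholder is
// quoted as a string, so the comparison is 'channel_name' = 'news', which is
// text against text and matches no row; identical values would match every row.
$bound = $db->prepare("SELECT * FROM EWRcanal_channels WHERE ? = ?");
$bound->execute(array('channel_name', 'news'));
var_dump($bound->fetch(PDO::FETCH_ASSOC));

// Allow-listed column: the lookup works as intended.
var_dump(getChannelBy($db, 'name', 'news'));

// A selector that is not in the allow-list is rejected before any SQL is built.
var_dump(getChannelBy($db, 'channel_name; --', 'news'));
```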

